Equivalence Checking

The always increasing complexity of digital system is overcome in design flows based on Transaction Level Modeling (TLM) by designing and verifying the system at different abstraction levels. The design implementation starts from a TLM high-level description and, following a topdown approach, it is refined towards a corresponding RTL model. However, the bottom-up approach is also adopted in the design flow when already existing RTL IPs are abstracted to be reused into the TLM system. In this context, proving the equivalence between a model and its refined or abstracted version is still an open problem. In fact, traditional equivalence definitions and formal equivalence checking methodologies presented in the literature cannot be applied due to the very different internal characteristics of the models, including structure organization and timing. Targeting this topic, the paper presents a formal definition of equivalence based on events, and then, it shows how such a definition can be used for proving the equivalence in the RTL vs. TLM context, without requiring timing or structural similarities between the modules to be compared. Finally, the paper presents a practical use of the proposed theory, by proving the correctness of a methodology that automatically abstracts RTL IPs towards TLM implementations.

C++ based verification methodologies are now emerging as the preferred method for SOC design. However most of the verification involving the C++ models are simulation based. The challenge of using C++ for sequential equivalence checking comes from two aspects (1) Language constructs such as pointers, polymorphism, virtual methods, dynamic memory allocation, dynamic loop bounds, floating points pose difficulty in creating a model suitable for equivalence checking (2) The memory and runtime required for creating models suitable for equivalence checking from practical C++ designs is huge. In this paper we describe techniques for constructing verification models from C++ designs containing a very rich set of language constructs. The flow is built keeping in mind that formal methods are inherently capacity constrained but need to be applied to large C++ designs to have practical value.

We consider the Laplace equation in a domain of R n , n ≥ 3, with a small inclusion of size ǫ. On the boundary of the inclusion we define a nonlinear nonautonomous transmission condition. For ǫ small enough one can prove that the problem has solutions. In this paper, we study the local uniqueness of such solutions.

The paper presents a process algebraic approach to formal specification and verification of social networks. They are described using the Calculus of Communicating Systems and we reason and verify such formal systems by using directed model checking, which uses AI-inspired heuristic search strategies in order to improve model checking techniques.

We define a model checking technique that applies to a finite state representation of sequential programs. This representation is built by means of an abstraction method which cuts the state explosion by introducing a special symbol, ' , to model 'unknown' variable values. Program properties are expressed by means of a temporal logic, which allow a further abstraction on the basis of the structure of the formulae. The satisfaction of the formulae is checked through a sort of symbolic execution of the programs which may produce a number of false results depending on the number of ' values associated to the variables. Each abstraction produces a different level of incompleteness of the verification result.

In this paper we show how the Cousots' approach to abstract interpretation can be easily and profitably applied to the analysis of concurrent calculi. Actually, when dealing with concurrent processes, a number of interesting properties are independent from the computed values, while they strongly depend on the behavior of processes in terms of performed sequences of actions. In this paper abstract interpretation is applied to the analysis of such a behavior. For this reason, we refer to a quite basic concurrent language: Calculus of Communicating Systems (CCS) without values. The analysis we want to perform can be called interesting actions analysis: the behavior of a process P is observed in an "abstract" way, disregarding all the non-interesting actions. This abstraction can be used as a method for efficiently verifying properties of CCS processes. The abstract semantics we present for such language is able to build a reduced transition system which maintains, with respect to the set of interesting actions, the behavior of the original CCS process. We show how the use of our abstract semantics leads to a reduced transition system on which the properties can be equivalently checked. We consider, as the meaning of CCS processes, the well-known trace semantics, which describes the sequences of actions which can be performed by a process. The interesting actions analysis is seen as an abstraction of such a concrete semantics.

Verification of a concurrent system can be accomplished by model checking the properties on a structure representing the system; this structure is, in general, a transition system which contains a prohibitive number of states. In this paper, we apply a method to reduce the state explosion problem by pointing out the events of the system to be ignored on the basis of the property to be verified. We evaluate the method by means of a real application used as a case study: the system is specified by a CCS program, then the program is reduced by means of syntactic rules; afterwards, the corresponding transition system is built by means of a non-standard operational semantics, which performs further reductions during the construction. Prototype tools perform both kinds of reductions; finally the required properties are checked by means of the model checkers of the CWB-NC.

A new approach to parallel fault simulation for sequential circuits based on Binary Decision Diagrams (BDD) is proposed. The efficiency of BDDs for simulation is well known. However, traditional BDDs are not well-suited for fault simulation. Furthermore, up to now, they have not been used for parallel simulation. In the paper, a new class of BDDs is presented, called Structurally Synthesized BDDS (SSBDD). Sequencial circuits are represented as a network of SSBDDs. SSBDD networks allow efficient and compressed fault modeling. An algorithm is developed and implemented for parallel fault simulation based on the new SSBDD model.

Despite the limited academic focus on the context of Official Language Schools (OLSs), these institutions play a crucial role in the formal education system, which are exclusively dedicated to foreign language teaching across various modalities in Andalusia, where ten different languages are taught. The main aim of this study is to perform an analysis the following two specific aspects: first, a descriptive analysis of the digital competence of 105 OLS teachers, and, second, a contrastive analysis examining potential differences in digital competence based on the language and teaching modalities (e.g., faceto-face vs. blended learning). This study uses the DigCompEdu framework to evaluate the digital skills of the teachers, revealing that, while they receive some training in digital competence, the overall level is only moderate, indicating a significant need for further professional development. Notably, the study highlights that the teachers' ability to convey the importance of digital tools for educational purposes is a crucial area, particularly in an environment where digital natives and immigrants coexist, presenting an intergenerational digital divide. The contrastive analysis shows no significant differences in digital competence based on language or modality, pointing to the lack of specialized training for blended learning teachers, who must rely heavily on technology in their work. This study suggests future research should focus on the digital competence of students, considering age as a potential influential factor in language learning, and recommends designing a tailored digital competence training plan for OLS teachers based on the DigCompEdu framework, which could benefit foreign language educators broadly.

Despite the limited academic focus on the context of Official Language Schools (OLSs), these institutions play a crucial role in the formal education system, which are exclusively dedicated to foreign language teaching across various modalities in Andalusia, where ten different languages are taught. The main aim of this study is to perform an analysis the following two specific aspects: first, a descriptive analysis of the digital competence of 105 OLS teachers, and, second, a contrastive analysis examining potential differences in digital competence based on the language and teaching modalities (e.g., faceto-face vs. blended learning). This study uses the DigCompEdu framework to evaluate the digital skills of the teachers, revealing that, while they receive some training in digital competence, the overall level is only moderate, indicating a significant need for further professional development. Notably, the study highlights that the teachers' ability to convey the importance of digital tools for educational purposes is a crucial area, particularly in an environment where digital natives and immigrants coexist, presenting an intergenerational digital divide. The contrastive analysis shows no significant differences in digital competence based on language or modality, pointing to the lack of specialized training for blended learning teachers, who must rely heavily on technology in their work. This study suggests future research should focus on the digital competence of students, considering age as a potential influential factor in language learning, and recommends designing a tailored digital competence training plan for OLS teachers based on the DigCompEdu framework, which could benefit foreign language educators broadly.

Wendelin Serwe, you have been a tremendous mentor for me. I would like also to thank my thesis director Dr. Radu Mateescu. Thanks to both of you for your encouragement and availability. Your advice have been priceless. I would like to thank my industrial supervisors from STMicroelectronics Mr. Guilhem Barthes, Mr. Grégory Faux, Dr. Massimo Zendri as well as my industrial managers Mr. Christophe Chevallaz and Mr. Olivier Haller. I would like also to express my gratitude to the external committee members of my thesis defense: Dr. Ghassan Chehaiber, Dr. Emmanuelle Encrenaz, Dr. Thierry Jéron , and Pr. Franz Wotawa for studying, discussing, and reporting about my thesis. Thank you for letting my defense be an enjoyable moment, and for your brilliant comments and suggestions. Thanks to you. I would like to thank all the CONVECS team members of Inria: Dr. Rim Abid, Dr.

Threshold logic is gaining prominence as an alternative to Boolean logic. The main reason for this trend is the availability of devices that implement these circuits efficiently (current mode, differential mode circuits), as well as the promise they hold for the future nano devices (RTDs, SETs, QCAs and other nano devices). This has generated renewed interest in the design automation community to design efficient CAD tools for threshold logic. Recently a lot of work has been done to synthesize threshold logic circuits. So far there has been no efficient method to verify the synthesized circuits. In this work we address the problem of combinational equivalence checking for threshold circuits. We propose a new algorithm, to obtain compact functional representation of threshold elements. We give the proof of correctness, and analyze its runtime complexity. We use this polynomial time algorithm to develop a new methodology to verify threshold circuits. We report the result of our experiments, comparing the proposed methodology to the naive approach. We get up to 189X improvement in the run time (23X on average), and could verify circuits that the naive approach could not.

Modern hardware designs are typically based on multiple clocks. While a singly-clocked hardware design is easily described in standard temporal logics, describing a multiply-clocked design is cumbersome. Thus it is desirable to have an easier way to formulate properties related to clocks in a temporal logic. We present a relatively simple solution built on top of the traditional ltlbased semantics, study the properties of the resulting logic, and compare it with previous solutions.

This paper introduces the use of the Complete-1-Distinguishability (C-1-D) property for simplifying FSM verification. This property eliminates the need for a traversal of the product machine for the implementation and the specification. Instead, a much simpler check suffices. This check consists of first obtaining a 1-equivalence mapping between states of the two machines, and then checking that it is a bisimulation relation. The C-1-D property can be used directly on specifications for which it naturally holdsa condition that has not been exploited thus far in FSM verification. We also show how this property can be enforced on arbitrary FSMs by exposing some of the latch outputs as pseudo-primary outputs during synthesis and verification. In this sense, our synthesis/verification methodology provides another point in the tradeoff curve between constraints-on-synthesis versus complexity-of-verification. Practical experiences with using this methodology have resulted in success with several examples for which it is not possible to complete verification using existing implicit state space traversal techniques.

We propose a complete procedure for verifying register-transfer logic against its scheduled behavior in a high-level synthesis environment Our proposal advances the state of the art because it is the first such verification procedure that is both complete and practical. Hardware verification is known to be a hard problem and the proposed verification technique leverages off the fact that highlevel synthesis-performed manually or by means of high-level synthesis software-proceeds from the algorithmic description of the design to structural RTL through a sequence of very well defined steps, each limited in its scope. The major contribution is the partitioning of the equivalence checking task into two simpler subtasks, verifying the validity of register sharing, and verifying correct synthesis of the RTL interconnect and control. While state space traversal is unavoidable for verifying validity of the register sharing, we automatically abstract out irrelevant portions oftbe design, significantly simpliQing the task that must be performed by a back-end model checker. The second task of verifying the RTL is not only shown to reduce to a combinational equivalence check,we present a novel and fast RTL technique for combinational equivalence check instead of using slower gate level techniques. The verification procedure has been applied to several large circuits, and is illustrated on the implementation of a sort algorithm.

This article introduces the notion of a Complete-1-Distinguishability (C-1-D) property for simplifying equivalence checking of finite state machines (FSMs). When a specification machine has the C-1-D property, the traversal of the product machine can be eliminated. Instead, a much simpler check suffices. The check consists of first obtaining a 1-equivalence mapping between the individually reachable states of the specification and the implementation machines, and then checking that it is a bisimulation relation. The C-1-D property can be used directly for specification machines on which it naturally holds---a condition that has not been exploited thus far in FSM verification. We also show how this property can be enforced on an arbitrary FSM by exposing some of its latch outputs as pseudo-primary outputs during synthesis and verification. In this sense, our synthesis/verification methodology provides another point in the trade-off curve between constraints-on-synthesis versus comple...

We describe a type-theoretic foundation for object systems that include interface types" and implementation types," in the process accounting for access controls such a s C ++ private, protected and public levels of visibility. Our approach begins with a basic object calculus that provides a notion of object, method lookup, and object extension an object-based form of inheritance. In this calculus, the type of an object gives an interface, as a set of methods public member functions and their types, but does not imply any implementation properties such as the presence or layout of any hidden internal data. We extend the core object calculus with a higher-order form of data abstraction mechanism that allows us to declare supertypes of an abstract type and a list of methods guaranteed not to be present. This results in a exible framework for studying and improving practical programming languages where the type of an object gives certain implementation guarantees, such a s w ould be needed to statically determine the o set of a function in a method lookup table or safely implement binary operations without exposing the internal representation of objects. We prove t ype soundness for the entire language using operational semantics and an analysis of typing derivations. Two insights that are immediate consequences of our analysis are the identi cation of an anomaly associated with C++ private virtual functions and a principled, type-theoretic explanation for the rst time, as far as we know of the link between subtyping and inheritance in C++, Ei el and related languages.

Component-based software engineering often relies on libraries of trusted components that are combined to build dependable and secure software systems. Resource dependences, constraint conflicts, and information flow interferences arising from component combination that may violate security requirements can be revealed by means of the noninterference approach to information flow analysis. However, the security of large component-based systems may be hard to assess in an efficient and systematic way. In this paper, we propose a component-oriented formulation of noninterference that enables compositional security verification driven by system topology. This is realized by implementing scalable noninterference checks in the formal framework of a process algebraic architectural description language equipped with equivalence checking techniques.

In this paper we describe a practical methodology to formally verify highly optimized, industrial multipliers. We define a multiplier description language which abstracts from low-level optimizations and which can model a wide range of common implementations at a structural and arithmetic level. The correctness of the created model is established by bit level transformations matching the model against a standard multiplication specification. The model is also translated into a gate netlist to be compared with the full-custom implementation of the multiplier by standard equivalence checking. The advantage of this approach is that we use a high level language to provide the correlation between structure and bit level arithmetic. This compares favorably with other approaches that have to spend considerable effort on extracting this information from highly optimized implementations. Our approach is easily portable and proved applicable to a wide variety of state-of-the-art industrial designs.

We describe the implementation, within Ald~baran of an alsorithmlc method allowing the generation of a mln;rnal labeled transition system from an abstract model ; this m;nirnality iS relative to an equivalence relation. The method relies on a symbolic representation of the state space. We compute the minimal labeled transition system using the Binary Decision Diagram structures to represent the set of equivalence classes. Some experiments are presented, using a model obtained from LOTOS specifications.

We describe the implementation, within Ald~baran of an alsorithmlc method allowing the generation of a mln;rnal labeled transition system from an abstract model ; this m;nirnality iS relative to an equivalence relation. The method relies on a symbolic representation of the state space. We compute the minimal labeled transition system using the Binary Decision Diagram structures to represent the set of equivalence classes. Some experiments are presented, using a model obtained from LOTOS specifications.

Reduced Ordered Binary Decision Diagrams (ROBDDs) have traditionally been built in a bottom-up fashion, through the recursive use of Bryant''s apply procedure [4], or the ITE [2] procedure. With these methods, the intermediate peak memory utilization is often larger than the final ROBDD size. This peak memory requirement limits the complexity of the circuits which can be processed using ROBDDs. Recently it was shown in [9] that for a large number of applications, the peak memory requirement can be substantially reduced by a ...

Most of cryptographic protocols are subjects to very subtle attacks. Therefore, many researchers have developed tools to model and analyze protocols to guarantee their security properties. The spi calculus has proved to be useful for analyzing and reasoning on cryptographic protocols. However, current works assumed that the spi calculus dealt with transferring a single unstructured message for sending each message in a single action, which is mostly needed in implementing real protocols with an open environment, such case cause a problem in proving the freshness of generated keys for each output action. In this paper, we introduced an improved version of spi calculus called the Tspi calculus that provides the ability for solving the problem of tuple of messages using nested partial map function and guarantee the freshness of generated keys by the use of an evolution function for each action in the running processes for making suitable decision during interaction with an open environ...

In this paper, we provide a transformation from the branching bisimulation problem for infinite, concurrent, data-intensive systems in linear process format, into solving Parameterized Boolean Equation Systems. We prove correctness and illustrate the approach with two examples. We also provide small adaptations to obtain similar transformations for strong and weak bisimulations and simulation equivalences.

C++ based verification methodologies are now emerging as the preferred method for SOC design. However most of the verification involving the C++ models are simulation based. The challenge of using C++ for sequential equivalence checking comes from two aspects (1) Language constructs such as pointers, polymorphism, virtual methods, dynamic memory allocation, dynamic loop bounds, floating points pose difficulty in creating a model suitable for equivalence checking (2) The memory and runtime required for creating models suitable for equivalence checking from practical C++ designs is huge. In this paper we describe techniques for constructing verification models from C++ designs containing a very rich set of language constructs. The flow is built keeping in mind that formal methods are inherently capacity constrained but need to be applied to large C++ designs to have practical value.

We present a novel technique for Sequential Equivalence Checking (SEC) between non-cycle-accurate designs. The problem is routinely encountered in verifying the correctness of a system-level model versus an RTL design which has been derived from the former either manually or through high-level synthesis. The existing state-of-the-art in formal verification/SEC does not provide an efficient mechanism to perform such an equivalence check. Our technique reduces the SEC problem to a cycle-accurate equivalencechecking problem by constructing a pair of normalized cycle-accurate designs from the original designs, on which standard equivalencechecking techniques can then be deployed. We report the results of deploying our techniques on several industrial examples.

This paper studies the problem of checking the simulation preorder for data-centric services. It focuses more specifically on the underlying decidability and complexity issues in the framework of the Colombo model [1]. We show that the simulation test is exptimecomplete for Colombo services without any access to the database (noted Colombo DB=∅) and 2exptime-complete when only bounded databases are considered (the obtained model is noted Colombo bound). This is a decidability border since we have shown in previous work that the simulation test for unbounded Colombo is undecidable. Moreover, as a side effect of this work, we establish a correspondance between Colombo DB=∅ , restricted to equality, and Guarded Variable Automata (GVA) [2]. As a consequence, we derive EXPTIME-completeness of simulation for GVA.

If citing, it is advised that you check and use the publisher's definitive version for pagination, volume/issue, and date of publication details. And where the final published version is provided on the Research Portal, if citing you are again advised to check the publisher's website for any subsequent corrections.

Constraint automata have been introduced to provide a compositional, operational semantics for the exogenous coordination language Reo, but they can also serve interface specification for components and an operational model for other coordination languages. Constraint automata have been used as basis for equivalence checking and model checking temporal logical properties. The main contribution of this paper is to reason about the local view and interaction and cooperation facilities of individual components or coalitions of components by means of a multi-player semantics for constraint automata. We introduce a temporal logic framework that combines classical features of alternating-time logic (ATL) for concurrent games with special operators to specify the observable data flow at the I/O-ports of components. Since constraint automata support any kind of synchronous and asynchronous peer-to-peer communication, the resulting game structure is non-standard and requires a series of nontrivial adaptations of the ATL model checking algorithm. 2 Constraint Automata (CA) This section summarizes the main concepts of CA. We slightly depart from the syntax of CA as introduced in [6] and deal with transitions q c − → p, where c is a concurrent I/O-operation, i.e., c consists of a (possibly empty) node-set N ⊆ N together with data items for each A ∈ N that are written or received at node A. In the moment where c is executed there is no data flow at the nodes A ∈ N \ N. Concurrent I/O-operations and I/O-streams. Let N be a finite, nonempty set of nodes. We define a concurrent I/O-operation as a function c : N → Data ∪ {⊥}, where the symbol ⊥ means "undefined". We write Nodes(c) for the set of nodes A ∈ N such that c(A) ∈ Data, where Data is the data domain. For technical reasons, we also allow the empty concurrent I/O-operation c ∅ with Nodes(c ∅) = ∅. It represents any internal step of some component or a non-observable step, where data flow appears at some hidden (invisible) nodes only. We refer to CIO as the set of all concurrent I/O-operations (including c ∅). As we suppose N and Data to be finite, the set CIO of concurrent I/Ooperations is finite as well. When reasoning about the data flow in a Reo network we will also need a special symbol √ that indicates that data flow has stopped. CIO √ stands for CIO ∪ { √ }. Definition 1 (Constraint automata [6]). A constraint automaton (CA) is a tuple A = Q, N, −→, Q 0 , AP, L , where Q is a finite and nonempty set of states, N a finite set of nodes, −→ is a subset of Q × CIO× Q called the transition relation of A, Q 0 ⊆ Q a nonempty set of initial states, AP a finite set of atomic propositions, and L : Q → 2 AP a labeling function. We write q c − → p instead of (q, c, p) ∈−→. Furthermore, we define the set of all I/O-operations enabled in q as CIO(q) def = c ∈ CIO : q c − → p for some p ∈ Q .

Logic programs with abstract constraint atoms provide a unifying framework for studying logic programs with various kinds of constraints. Establishing strong equivalence between logic programs is a key property for program maintenance and optimization, and for guaranteeing the same behavior for a revised original program in any context. In this paper, we study strong equivalence of logic programs with abstract constraint atoms. We first give a general characterization of strong equivalence based on a new definition of program reduct for logic programs with abstract constraints. Then we consider a particular kind of program revision-constraint replacements addressing the question: under what conditions can a constraint in a program be replaced by other constraints, so that the resulting program is strongly equivalent to the original one.

This paper introduces a process calculus with recursion which allows us to express an unbounded number of runs of the ping-pong protocols introduced by Dolev and Yao. We study the decidability issues associated with two common approaches to checking security properties, namely reachability analysis and bisimulation checking. Our main result is that our channel-free and memory-less calculus is Turing powerful, assuming that at least three principals are involved. We also investigate the expressive power of the calculus in the case of two participants. Here, our main results are that reachability and, under certain conditions, also strong bisimilarity become decidable.

Estimating and minimizing the maximum power dissipation during testing is an important task in VLSI circuit realization since the power value affects the reliability of the circuits. Therefore during testing suitable methodologies should be adopted to minimize power consumption. Test patterns generated with-D 1 option of ATALANTA contains don't care X bits. By suitable filling of don't cares can minimize the number of switching activity between two successive patterns. The switching power dissipation of the Circuit under Test (CUT) also depends on the order of patterns applied for testing. If consecutive pattern application time is sufficiently large then leakage power dissipation does not alter on the ordering of the patterns. So under this circumstances leakage power does not change but if the pattern application time is small leakage power depends on the ordering of the pattern applied to the CUT. Previous works concern only about don't care filling or pattern ordering or first filling of don't care and then ordering for low power circuit testing. Ordering after filling of don't care may change the benefits of X-filling. The advantage of test power reduction of both the methods-don't care filling and ordering may be obtained if they are considered together. In this work an approach based on Genetic Algorithm (GA) is used to solve the integrated problem for X-filling and reordering of test patterns considering pattern dependency to minimize the switching activity throughout testing without changing the fault coverage. Effectiveness of the proposed GA based approach compared to existing approach considering test patterns for ISCAS'85 benchmark circuits is shown in the result section.

Estimating and minimizing the maximum power dissipation during testing is an important task in VLSI circuit realization since the power value affects the reliability of the circuits. Therefore during testing a methodology should be adopted to minimize power consumption. Test patterns generated with –D 1 option of ATALANTA contains don’t care bits (x bits). By suitable filling of don’t cares can minimize the number of switching activity between two successive patterns. The switching power dissipation of the Circuit under Test (CUT) also depends on the order of patterns applied for. If consecutive pattern application time is sufficiently large then leakage power dissipation does not alter on the ordering of the patterns. So under this circumstances leakage power does not change but if the pattern application time is small leakage power depends on the ordering of the pattern applied to the CUT. Previous works concerns only about don’t care filling or pattern ordering or first filling o...

Decision diagrams (DDs) are a data structure that allows compact representation of discrete functions. The efficient construction of DDs in terms of space and time is often considered problem. A particular problem is that during the construction of a DD, a large number of temporary nodes are created. We address this problem in the case when the functions are specified in the PLA format. A common practice is to construct a DD by recursively processing all the cubes in PLA specification. The DD representing a subfunction defined by a single cube is merged with the DD for the subfunction defined by all the previously processed cubes. We proposed a method of reordering and partitioning the set of cubes in PLA specification that results in the reduction of both space and time complexities of the construction of DDs. First, we arrange cubes by their suffices. Then we partition the set of cubes, construct DDs for the subfunctions representing each partition separately, and merge them into a final DD. The reordering and partitioning ensures that these intermediary decision diagrams never exceed a certain size which is controlled by the size of the partitions. In this way, the number of operations on the nodes during the merging decision diagrams is reduced. This reduction results in a decrease both in the number of temporary nodes and construction time. The proposed method is used for the construction of DDs for the set of standard benchmark functions. The experiments show that the total number of created nodes is reduced on average by 34.65 percent, while the construction time is decreased by 48.6 percent.

Logic synthesis tools face difficult challenges regarding algorithms for synthesizing circuits with increased inputs and complexity. Machine learning techniques shows to be an attractive option to improve electronic design tools. We explore Cartesian Genetic Programming (CGP) for logic optimization of exact or approximate Boolean functions in our work. The proposed CGP-based flow receives the expected circuit behavior as a truth-table and either performs the synthesis starting from random circuits or optimizes a circuit description provided in the format of an AND-Inverter Graph. The optimization flow improves solutions found by other techniques, using them for bootstrapping the evolutionary process. We use two metrics to evaluate our CGP-based flow: (i) the size defined by the number of AIG nodes or (ii) the circuit accuracy. We perform experiments on approximate circuits, and results show that the CGP-based flow provided at least 22.6% superior results when considering the trade-off between accuracy and size compared with two other methods that brought the best accuracy and size outcomes, respectively.

Logic synthesis tools face tough challenges when providing algorithms for synthesizing circuits with increased inputs and complexity. Machine learning techniques show high performance in solving specific problems, being an attractive option to improve electronic design tools. We explore Cartesian Genetic Programming (CGP) for logic optimization of exact or approximate Boolean functions in our work. The proposed CGP-based flow receives the expected circuit behavior as a truth-table and either performs the synthesis starting from random circuits or optimizes a circuit description provided in the format of an AND-Inverter Graph. The optimization flow improves solutions found by other techniques, using them for bootstrapping the evolutionary process. We use two metrics to evaluate our CGP-based flow: (i) the number of AIG nodes or (ii) the circuit accuracy. The results obtained showed that the CGP-based flow provided at least 22.6% superior results when considering the trade-off between...

Equivalence checking is used to verify whether two programs produce equivalent outputs when given equivalent inputs. Research in this field mainly focused on improving equivalence checking accuracy and runtime performance. However, for program pairs that cannot be proven to be either equivalent or non-equivalent, existing approaches only report a classification result of unknown, which provides no information regarding the programs’ non-/equivalence.

In this paper, we introduce PASDA, our partition-based semantic differencing approach with best effort classification of undecided cases. While PASDA aims to formally prove non-/equivalence of analyzed program pairs using a variant of differential symbolic execution, its main novelty lies in its handling of cases for which no formal non-/equivalence proof can be found. For such cases, PASDA provides a best effort equivalence classification based on a set of classification heuristics.

We evaluated PASDA with an existing benchmark consisting of 141 non-/equivalent program pairs. PASDA correctly classified 61%–74% of these cases at timeouts from 10 s to 3600 s. Thus, PASDA achieved equivalence checking accuracies that are 3%–7% higher than the best results achieved by three existing tools. Furthermore, PASDA’s best effort classifications were correct for 70%–75% of equivalent and 55%–85% of non-equivalent cases across the different timeouts.

The specification and validation of security protocols often requires view- ing function calls - like encryption/decryption and the generation of fake messages - explicitly as actions within the process semantics. Following this approach, this paper introduces a symbolic framework based on value-passing processes able to handle sym- bolic values like fresh nonces, fresh keys, fake addresses and fake messages. The main idea in our approach is to assign to each value-passing process a formula describing the symbolic values conveyed by its semantics. In such symbolic processes, called con- strained processes, the formulas are drawn from a logic based on a message algebra equipped with encryption, signature and hashing primitives. The symbolic operational semantics of a constrained process is then established through semantic rules updating formulas by adding restrictions over the symbolic values, as required for the process to evolve. We then prove that the logic required from the sema...

Meadows recently proposed a formal cost-based framework for the analysis of denial of service, showing how to formalize some existing principles used to make cryptographic protocols more resistant to denial of service by comparing the cost to the defender against the cost to the attacker. The first contribution of this paper is to introduce a new security property called impassivity designed to capture the abil- ity of a protocol to achieve these goals in the framework of a generic value-passing process algebra called Security Process Algebra (SPPA) extended with local function calls, cryptographic primitives and special semantic features in order to handle cryp- tographic protocols. Impassivity is defined as an information flow property founded on bisimulation-based non-deterministic admissible interference. A sound and complete proof method for impassivity is provided. The method extends previous results of the authors on bisimulation-based non-deterministic admissible interferenc...

Meadows recently proposed a formal cost-based framework for analysis of denial of service. It was showed how some principles that have already been used to make cryptographic protocols more resistant to denial of service by trading off the cost to defender against the cost to the attacker can be formalized. The first contribution of this paper is to introduce a new security property called impassivity which intends to capture the ability of a protocol to achieve these goals in the framework of a generic value-passing process algebra called Security Process Algebra (SPPA) extended with local function calls, cryptographic primitives and special semantic features in order to cope with cryptographic protocols. More specifically, impassivity is defined as an information flow property founded on bisimulation-based non-deterministic admissible interference. A sound and complete proof method for impassivity is also provided. The method extends previous results presented by the authors on bisimulation-based non-deterministic admissible interference and its application to the analysis of cryptographic protocols. The method is illustrated throughout the paper on the TCP/IP connection protocol. A more substantial application to the 1KP secure electronic payment protocol is given in appendix.

Dunfield showed that a simply typed core calculus with intersection types and a merge operator is able to capture various programming language features. While his calculus is type-safe, it is not coherent: different derivations for the same expression can elaborate to expressions that evaluate to different values. The lack of coherence is an important disadvantage for adoption of his core calculus in implementations of programming languages, as the semantics of the programming language becomes implementation-dependent. This paper presents λ i : a coherent and type-safe calculus with a form of intersection types and a merge operator. Coherence is achieved by ensuring that intersection types are disjoint and programs are sufficiently annotated to avoid type ambiguity. We propose a definition of disjointness where two types A and B are disjoint only if certain set of types are common supertypes of A and B. We investigate three different variants of λ i , with three variants of disjointness. In the simplest variant, which does not allow types, two types are disjoint if they do not share any common supertypes at all. The other two variants introduce types and refine the notion of disjointness to allow two types to be disjoint when the only the set of common supertypes are toplike. The difference between the two variants with types is on the definition of top-like types, which has an impact on which types are allowed on intersections. We present a type system that prevents intersection types that are not disjoint, as well as an algorithmic specifications to determine whether two types are disjoint for all three variants.

The combination of intersection types, a merge operator and parametric polymorphism enables important applications for programming. However, such combination makes it hard to achieve the desirable property of a coherent semantics: all valid reductions for the same expression should have the same value. Recent work proposed disjoint intersections types as a means to ensure coherence in a simply typed setting. However, the addition of parametric polymorphism was not studied. This paper presents F i : a calculus with disjoint intersection types, a variant of parametric polymorphism and a merge operator. F i is both type-safe and coherent. The key difficult occurs in an intersection type, it is not statically known whether the instantiated type will be disjoint to other components of the intersection. To address this problem we propose disjoint polymorphism: a constrained form of parametric polymorphism, which allows disjointness constraints for type variables. With disjoint polymorphism the calculus remains very flexible in terms of programs that can be written, while retaining coherence.

Dunfield showed that a simply typed core calculus with intersection types and a merge operator is able to capture various programming language features. While his calculus is type-safe, it is not coherent: different derivations for the same expression can elaborate to expressions that evaluate to different values. The lack of coherence is an important disadvantage for adoption of his core calculus in implementations of programming languages, as the semantics of the programming language becomes implementation-dependent. This paper presents λ i : a coherent and type-safe calculus with a form of intersection types and a merge operator. Coherence is achieved by ensuring that intersection types are disjoint and programs are sufficiently annotated to avoid type ambiguity. We propose a definition of disjointness where two types A and B are disjoint only if certain set of types are common supertypes of A and B. We investigate three different variants of λ i , with three variants of disjointness. In the simplest variant, which does not allow types, two types are disjoint if they do not share any common supertypes at all. The other two variants introduce types and refine the notion of disjointness to allow two types to be disjoint when the only the set of common supertypes are toplike. The difference between the two variants with types is on the definition of top-like types, which has an impact on which types are allowed on intersections. We present a type system that prevents intersection types that are not disjoint, as well as an algorithmic specifications to determine whether two types are disjoint for all three variants.

Functional programming and XML form a good match. Higher order function and parametric polymorphism equip the programmer with powerful abstraction facilities while pattern matching over algebraic data types allows for a convenient notation to specify XML transformation. Previous works in extending Haskell with XML processing features focus on giving a data model for XML values, so that XML transformations can be expressed in terms of Haskell combinators. Unfortunately, XML processing in Haskell does not provide the same static guarantees compared to XML processing in domain specific language such as XDuce and CDuce. These languages natively support regular expression type and (semantic) subtype polymorphism. These give much stronger static guarantees about the wellformedness of programs compared to the existing approaches that process XML documents in Haskell. In combination with regular expression pattern matching, we are allowed to write sophisticated and concise XML transformation. In this thesis, we introduce an extension of Haskell, baptized XHaskell, which integrates XDuce features such as regular expression types, subtyping and regular expression pattern matching into Haskell. In addition, we also support the combination of regular expression types parametric polymorphism and type classes which to the best of our knowledge has not been studied before.